Noah
49ffa277e8
* Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
package account
import (
"net/http"
"strings"
"git.kirsle.net/apps/gosocial/pkg/models/deletion"
"git.kirsle.net/apps/gosocial/pkg/session"
"git.kirsle.net/apps/gosocial/pkg/templates"
)
// Delete returns the handler for the self-service "delete my account" page.
//
// A POST re-checks the signed-in user's password, removes the account through
// deletion.DeleteUser and then signs the session out. Every other method just
// renders the account/delete.html confirmation form.
//
// NOTE(review): this is a destructive action and the only guards visible in
// this handler are the session lookup and the password re-prompt. No CSRF
// token check and no throttling of failed password attempts happen here, so
// repeated wrong guesses from an already-authenticated session are not slowed
// by this code. Confirm both are enforced by middleware or inside
// CheckPassword.
func Delete() http.HandlerFunc {
	page := templates.Must("account/delete.html")

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, err := session.CurrentUser(r)
		if err != nil {
			session.FlashError(w, r, "Couldn't get your current user: %s", err)
			templates.Redirect(w, "/")
			return
		}

		// Not a confirmation submit: show the form and stop.
		if r.Method != http.MethodPost {
			data := map[string]interface{}{}
			if renderErr := page.Execute(w, r, data); renderErr != nil {
				// NOTE(review): the raw template error text is returned to the
				// client; confirm it cannot expose internal paths or data.
				http.Error(w, renderErr.Error(), http.StatusInternalServerError)
			}
			return
		}

		// Re-authenticate before doing anything destructive.
		// NOTE(review): surrounding whitespace is stripped from the submitted
		// password, which only matches if the same trimming is applied wherever
		// the password is set. Verify against the signup/change-password code.
		supplied := strings.TrimSpace(r.PostFormValue("password"))
		if authErr := user.CheckPassword(supplied); authErr != nil {
			session.FlashError(w, r, "You must enter your correct account password to delete your account.")
			templates.Redirect(w, r.URL.Path)
			return
		}

		// Password confirmed: remove the account.
		if delErr := deletion.DeleteUser(user); delErr != nil {
			// NOTE(review): the underlying error is shown to the user verbatim;
			// confirm DeleteUser errors carry no storage-layer detail.
			session.FlashError(w, r, "Error while deleting your account: %s", delErr)
			templates.Redirect(w, r.URL.Path)
			return
		}

		// End the session for the account that was just deleted, then send the
		// visitor back to the front page with a confirmation message.
		session.LogoutUser(w, r)
		session.Flash(w, r, "Your account has been deleted.")
		templates.Redirect(w, "/")
	})
}